New Cyber Security Laws For Telecoms Providers

Uploaded on 2022-09-13 in FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

New UK telecom security regulations, which has been developed with the National Cyber Security Centre (NCSC) and the telecom regulator, Ofcom, is among the strongest in the world, providing tougher protection for the UK from cyber threats, which could cause network failure or the theft of sensitive data. 

The UK government published a public consultation response earlier this month, outlining some of the changes that have been made to the regulations and code of practice. 

The government has been clear in its ambition to make the United Kingdom a world leader in digital connectivity. Over 69% of the country has access to gigabit-capable broadband, and the government’s ambition for the majority of the population to have access to a 5G signal by 2027 has been delivered five years early.. But we know that today the security and resilience of our communications networks and services is more important than ever. From heightened geopolitical threats through to malicious cyber criminals exploiting network vulnerabilities, global events have shown the importance of providing world-leading security for our networks and services,” say the UK government’s Minister introducing the Report.

Although not yet integrated into the actual framework and remain drafted, the UK plans to implement the updates in October. The consultation is about the adoption of the Telecommunications Security Act, which was developed alongside the National Cyber Security Centre in November 2021.

The October framework, however, will impose unprecedented security regulations designed to protect UK telecom networks against cyber attacks targeting the industry. 

The regulations span several different areas of concern, such as data, software and equipment protection, risk assessment, and anomaly detection. Part of the Telecommunications (Security) Act, the new regulations give the government power to set security standards for mobile and broadband networks. This covers both hardware and software at mast sites and in telephone exchanges that handle Internet traffic as well as phone calls.

Telecom providers will also have to fulfill additional legal duties which include:-

  • Identifying and assessing risks to edge equipment.
  • Keeping control of who can make network-wide changes.
  • Protecting against specific malicious signaling.
  • Understanding risks facing their networks.

On the last point the telecoms operator must be able to identify when anomalous activity is taking place and be able to report it, as well as take account of supply chain risks and make changes to the operation of their networks and services to enhance security.

UK.Gov:    UK.Gov:     Oodaloop:    TEISS:      Infosecurity Magazine:    Techmonitor:    TotalTele

You Might Also Read: 

Data Protection Must Be a Part of Every Cyber Security Strategy:

 

« Evil Has New Cyber Weapons
India's Health Systems Are A Top Target »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Snort

Snort

Snort is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

CSIRT Malta

CSIRT Malta

CSIRT Malta supports critical infrastructure organisations in Malta on how to protect their information infrastructure assets and systems from cyber threats and incidents.

MACH37

MACH37

MACH37 is a market-centric cybersecurity accelerator program designed to facilitate the creation of the next generation of cybersecurity product companies.

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

CipherMail

CipherMail

CipherMail provides email security products which allow organizations world wide to automatically protect their email against unauthorized access both in transit and at rest.

ReSec Technologies

ReSec Technologies

ReSec provides total protection against all types of known and unknown malware threats including viruses, Trojans, ransomware and phishing, regardless of their delivery method.

Cambridge Cybercrime Centre

Cambridge Cybercrime Centre

The Cambridge Cybercrime Centre is a multi-disciplinary initiative combining expertise from the Department of Computer Science and Technology, Institute of Criminology and Faculty of Law.

Prompt

Prompt

Prompt supports the creation of partnerships and the setting up of industrial-institutional applied R&D projects for all ICT sectors.

Meditology

Meditology

Meditology Services is a top-ranked provider of information risk management, cybersecurity, privacy, and regulatory compliance consulting services exclusively for healthcare organizations.

Activu

Activu

Activu makes any information visible, collaborative, and proactive for people tasked with monitoring critical operations including network security.

Cegeka

Cegeka

Cegeka is a family-owned IT company providing end-to-end IT solutions, services & consultancy.

Identity Management Institute (IMI)

Identity Management Institute (IMI)

Identity Management Institute (IMI) provides professional training and certification in cyber security with a focus on identity and access management, identity theft, and data protection.

Integris

Integris

Integris offers best-in-class services like dedicated vCIOs, specialized security and compliance advisory services, a 24/7 help desk, and more.

S2W

S2W

S2W is a data intelligence company specialized in cyber threat intelligence, brand/digital abuse, and blockchain.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

DefectDojo

DefectDojo

DefectDojo is a DevSecOps and vulnerability management tool.